weprphlkdt[.]exe

Target

weprphlkdt.exe
Size

327KB
MD5

f5d70014b34f4fb40632d313c303689d
SHA1

ed7b3d2ac9430003e269b15b484f7e76dfe796ea
SHA256

40a8af7ba362f589ba56cd330c1acd3da4ef965c5c984ab4485070941081ecbd
SHA512

9269d1f1e5b2f259d27ad14964b2f60bc1d97cf94d80b5a69eba8d078c9bdeb456b1d9b5a1b723b06e056b44868a2045a62fbbe3624d98aea466427cc07db9b5
SSDEEP

6144:sBE3gKpW6uSVnYfaVsZj+q3Bl+uV+ndtuF:j37uSVnYC2d+uV+mF

Score

N/A

Malware Config

Signatures

Files

weprphlkdt.exe
.exe windows x86

70cf8e5bdf81365ec7a136e22ddd239b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateToolbarEx
CreateStatusWindowW
ord17

kernel32

lstrlenW
MultiByteToWideChar
WideCharToMultiByte
EnumLanguageGroupLocalesW
WriteConsoleW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetConsoleCtrlHandler
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
lstrcatW
IsValidCodePage
FindNextFileW
GetProcessHeap
FindClose
OutputDebugStringW
GetCurrentThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
lstrcpyW
lstrcmpW
FormatMessageW
LocalFree
GlobalLock
GlobalUnlock
GlobalAlloc
VirtualAlloc
GetWindowsDirectoryW
GetACP
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
DecodePointer
CreateProcessW
GetCurrentDirectoryW
FindFirstFileExW

shell32

SHInvokePrinterCommandW
ShellAboutW
SHFileOperationA
FindExecutableW

urlmon

IsAsyncMoniker
BindAsyncMoniker
GetClassURL
FindMediaTypeClass
IsValidURL
CreateFormatEnumerator
GetClassFileOrMime

rtutils

RouterLogRegisterW
RouterLogEventDataW
TraceDeregisterA
RouterLogEventStringW
TracePrintfW
TraceGetConsoleW
RouterLogDeregisterW
RouterLogEventW
TraceDumpExA

oleaut32

VarI1FromI2
VarI2FromI4
LoadTypeLi
VariantChangeType
VariantInit
SysStringLen
SysFreeString
VarDecFromUI1
VarBstrFromUI4
VarI4FromDisp
VarUI2FromR8

odbc32

ord221
ord15
ord23
ord63
ord121
ord11

mscms

CreateMultiProfileTransform
GetStandardColorSpaceProfileW
IsColorProfileValid
UnregisterCMMW
GetStandardColorSpaceProfileA
CheckColors

winspool.drv

ConnectToPrinterDlg
EnumPrintProcessorsW
DeletePrintProcessorA

msacm32

acmStreamOpen
acmFilterEnumA
acmDriverEnum
acmFormatTagDetailsW

gdi32

CreateEnhMetaFileW
ExcludeClipRect
CreateEllipticRgnIndirect
SetICMProfileA
RemoveFontResourceExA
GetMetaFileA
GetROP2
ScaleViewportExtEx
SetDIBColorTable

user32

DialogBoxParamW
IsWindowVisible
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
GetDlgItem
UpdateWindow
CheckDlgButton
OpenClipboard
EndDialog
CloseClipboard
SetClipboardData
GetDC
RegisterClassW
PostQuitMessage
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
LoadStringW
EnableMenuItem
CheckMenuItem
GetMenu
EmptyClipboard
TranslateAcceleratorW
LoadCursorW
InvertRect
ScreenToClient
GetCursorPos
SetCursor
MessageBoxW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
LoadAcceleratorsW
ReleaseCapture
SetWindowTextW
SetCapture
GetCapture
SetFocus
ReleaseDC
IsDlgButtonChecked

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyW
RegGetValueW
RegSetValueExW
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegCreateKeyW
RegEnumValueW

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstanceEx
CoCreateInstance
CoInstall
StringFromGUID2

Sections

.text
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

70cf8e5bdf81365ec7a136e22ddd239b

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

shell32

urlmon

rtutils

oleaut32

odbc32

mscms

winspool.drv

msacm32

gdi32

user32

comdlg32

advapi32

ole32

Sections

.text Size: 267KB - Virtual size: 267KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 267KB - Virtual size: 267KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 11KB - Virtual size: 11KB